® 




Europaisches Patentamt 
European Patent Office 
Office europeen des brevets 



iiiiniiiiiiiii 



(5) Publication number: 



0 658 054 A2 



® 



EUROPEAN PATENT APPLICATION 



@ Application number: 9411940^7 
@ Date of filing: 0ai2.94 



© int,ClA H04N 7/16, H04N 7/167 



@ Priority: 09.12.93 IL 10796793 

@ Date of publication of application: 
14.06.95 Bulletin 95/24 

® Designated Contracting States: 

AT BE CH DE DK ES FR GB GR IE IT LI LU MC 
NL PT SE 

0 Applicant: NEWS DATACOM LTD. 
POB 495, 
Virginia Street 
London El 9XY (GB) 



@ Inventor: Nachman, Jacob Bezalel 
3 Hatamar Street 
Ramat Modiim 73127 (IL) 
Inventor: Tsuria, Yossef 
20 Shalom Sivan Street 
Jerusalem 97276 (IL) 

@ Representative: Modlano, Guido, Dr.-lng. et al 
Modiano, Josif, Pisanty & Staub, 
Baaderstrasse 3 
□-80469 Munchen (DE) 



@ Apparatus and method for securing communication systems. 



< 

in 



00 

in 

CD 



LU 



@ A hacking prevention system for use with a 
networic including a transmitter and a multiplicity of 
receivers, each receiver being independently en- 
abled by a secret number and when enabled being 
responsive to data received from the transmitter for 
decrypting encrypted information, each of the mul- 
tiplicity of receivers including: a first l<ey generator, 
employing at least part of the data and a function 
which differs for at least a plurality of ones of the 
multiplicity of receivers, for generating a first key 



which is different for each receiver having a different 
function, a second key generator employing at least 
part of the data and the function to produce a 
second key. and a secret number generator utilizing 
the first key with the second key to produce the 
secret number which is the same for all of the 
multiplicity of receivers, whereby first and second 
keys intercepted at a first receiver cannot be effec- 
tive to enable a second receiver having a different 
function. 
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FIELD OF THE INVENTION 

The present invention relates generally to se- 
cure communication systems and more particularly 
to systems wherein encrypted information is trans- 
mitted from a single location to multiple terminals 
located at non-secure locations. 

BACKGROUND OF THE INVENTION 

A major problem in secure communication sys- 
tems is the possibility of unauthorized penetration. 
Unauthorized penetration of this kind is referred to 
as hacking. 

Several methods have been employed to over- 
come the problem of hacking. Encryption of trans- 
mitted data and authentication of communicators 
are some of the methods employed to make hack- 
ing more difficult. 

One hacking method which is considered dif- 
ficult to overcome is called "The McCormac Hack". 
This method, which is believed to be theoretically 
applicable to CATV systems, is described in the 
book "World Satellite TV and Scrambling Meth- 
ods". 2nd Edition. Baylin Publications 1991, pp. 
243 - 244 by Frank Baylin, Richard Maddox and 
John McCormac and in "Satellite Watch News", 
August 1991. According to this method, a data 
stream from a legitimately authorized decoder, is 
extracted in real time and transmitted over the air 
using a small radio-frequency (RF) transmitter. The 
data stream is then used to activate a number of 
pirate decoders. 

SUMMARY OF THE INVENTION 

The present invention seeks to provide meth- 
ods and systems which substantially prevent the 
possibility of extracting a data stream from a legiti- 
mately authorized terminal and transmitting the 
data stream to a plurality of pirate terminals. 

For the purposes of the present invention, the 
term "terminals" in all of its forms is used in a 
broader than usual sense to cover all types of 
computer terminals, CATV decoders, remote com- 
puters and remote computerized stations. 

For the purposes of the present invention, the 
terms "seed" and "key" in all of their forms are 
alternately used in a broader than usual sense to 
cover all types of numbers or other symbols, either 
secret or non-secret, which are used at least as 
part of encryption/decryption keys to en- 
crypt/decrypt (or scramble/descramble) data. The 
term "secret number" will be further used, for the 
purpose of the present invention, to denote the 
secret key which is used for encryption/decryption 
(or scrambling/descrambting) of data. 
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There is thus provided in accordance with a 
preferred embodiment of the present invention a 
hacking prevention system for use with a system 
including a transmitter and a multiplicity of recelv- 

5 ers, each receiver being independently enabled by 
a secret number and when enabled being respon- 
sive to data received from the transmitter for de- 
crypting encrypted information, each of the mul- 
tiplicity of receivers having associated therewith: 

70 a first key generator, employing at least part of 

the data and a function which differs for at least a 
plurality of ones of said multiplicity of receivers, for 
generating a first key which is different for each 
receiver having a different function; 

75 a second key generator employing at least part 

of the data and said function to produce a second 
key; and 

a secret number generator utilizing the first key 
with the second key to produce said secret number 
20 which is the same for all of said multiplicity of 
receivers, 

whereby first and second keys intercepted at a 
first receiver cannot be effective to enable a sec- 
ond receiver having a different function. 

25 Additionally In accordance with a preferred em- 

bodiment of the present invention there is provided 
a hacking prevention method for use with a network 
including a transmitter and a multiplicity of receiv- 
ers, each receiver being independently enabled by 

30 a secret number and when enabled being respon- 
sive to data received from the transmitter for de- 
crypting encrypted information, the method com- 
prising the steps of: 

generating a first key, by employing at least 

35 part of the data and a function which differs for at 
least a plurality of ones of the multiplicity of receiv- 
ers, the first key being different for each receiver 
having a different function; 

generating a second key by employing at least 

40 part of the data and the function; and 

generating a secret number by utilizing the first 
key with the second key to produce the secret 
number which is the same for all of the multiplicity 
of receivers, 

45 whereby first and second keys intercepted at a 

first receiver cannot be effective to enable a sec- 
ond receiver having a different function. 

Additionally In accordance with a preferred em- 
bodiment of the present invention there is provided 

50 a system for selective transmission of information 
to a multiplicity of subscribers which subscribers 
may be individually characterized by at least one of 
the following parameters: information suppliers, 
geographic locations, and demographics, wherein 

55 information is transmitted from an information 
source to a multiplicity of subscribers which fall 
into different groups according to at least one of 
the parameters, each group being entitled to re- 
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ceive at least a portion of the information, the 
system being employed in a network including a 
transmitter and a multiplicity of receivers, each 
receiver associated with a. subscriber and being 
independently enabled by a secret number and 
when enabled being responsive to data received 
from the transmitter for decrypting encrypted in- 
formation, each of the multiplicity of receivers com- 
prising: 

a first key generator, employing at least part of 
the data and a function which differs for at least a 
plurality of ones of the multiplicity of receivers, for 
generating a first key which Is different for each 
receiver having a different function; 

a second key generator employing at least part 
of the data and the function to produce a second 
key; 

a third key generator employing at least part of 
the data to provide a key which is characterized by 
at least one of the parameters; and 

a secret number generator utilizing the first 
key, the second key and the third key to produce 
the secret number which is the same for ail of the 
multiplicity of receivers, 

whereby first and second keys intercepted at a 
first receiver cannot be effective to enable a sec- 
ond receiver having a different function, and 

whereby a third key intercepted at a receiver 
which forms part of a first group of receivers can- 
not be effective to enable a receiver which forms 
part of a second of the group of receivers. 

Further in accordance with a preferred embodi- 
ment of the present invention there is provided a 
method for selective transmission of Information to 
a multiplicity of subscribers which subscribers may 
be individually characterized by at least one of the 
following parameters: information suppliers, geo- 
graphic locations, and demographics, wherein in- 
formation is transmitted from an information source 
to a multiplicity of subscribers which fall into dif- 
ferent groups according to at least one of the 
parameters, each group being entitled to receive at 
least a portion of the information, the method being 
employed in a network including a transmitter and 
a multiplicity of receivers, each receiver associated 
with a subscriber and being independently enabled 
by a secret number and when enabled being re- 
sponsive to data received from the transmitter for 
decrypting encrypted information, the method com- 
prising the steps of: 

generating a first key by employing at least 
part of the data and a function which differs for at 
least a plurality of ones of the multiplicity of receiv- 
ers, for generating a first key which is different for 
each receiver having a different function; 

generating a second key by employing at least 
part of the data and the function to produce a 
second key; 
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generating a third key by employing at least 
part of the data to provide a key which is char- 
acterized by at least one of the parameters; and 

generating a secret number utilizing the first 
5 key, the second key and the third key to produce 
the secret number which is the same for all of the 
multiplicity of receivers, 

whereby first and second keys intercepted at a 
first receiver cannot be effective to enable a sec- 
70 ond receiver having a different function, and 

whereby a third key intercepted at a receiver 
which forms part of a first group of receivers can- 
not be effective to enable a receiver which forms 
part of a second of the group of receivers. 
75 In accordance with a preferred embodiment of 

the present invention, the function which differs for 
at least a plurality of ones of said multiplicity of 
receivers, is a random generator. 

Preferably, the second key generator is em- 
20 bodied in a single VLSI chip. 

In accordance with a preferred embodiment of 
the present invention, the VLSI chip Is mounted on 
a smart card. 

Preferably, the first key generator, the function 
25 and the secret number generator are embodied in 
a single VLSI chip. 

In accordance with a preferred embodiment of 
the present invention, the first key generator, the 
function, the secret number generator and the sec- 
30 ond key generator are embodied in a single VLSI 
chip. 

Preferably, each of said multiplicity of receivers 
comprises at least one of said VLSI chips. 

In accordance with a preferred embodiment of 
35 the invention, the network is a CATV network and 
said multiplicity of receivers are CATV receivers 
and decoders. 

BRIEF DESCRIPTION OF THE DRAWINGS 

40 

The present invention will be understood and 

appreciated more fully from the following detailed 
description, taken in conjunction with the drawings 
in which: 

45 Fig. 1 is a generalized block diagram illustration 
of a theoretical hacking system based on the 
prior art "McCormac Hack" method; 
Fig. 2 is a generalized block diagram illustration 
of part of a subscriber unit constructed and 

50 operative in accordance with a preferred em- 
bodiment of the present invention; 
Fig. 3 is a flowchart description of the func- 
tionality of the apparatus of Fig. 2; 
Fig. 4 is a flowchart description of the func- 

55 tionality of the apparatus of Fig. 2 in accordance 
with an alternative embodiment of the invention 
which does not employ conditional access 
cards; 
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Fig. 5 is a generalized block diagram illustration 
of part of a subscriber unit in accordance with a 
preferred embodiment of the invention in which 
receivers characterized by different parameters 
are enabled with the same secret number; and 
Fig. 6 is a flowchart description of the func- 
tionality of the apparatus of Fig. 5. 

DETAILED DESCRIPTION OF PREFERRED EM- 
BODIMENTS 

Reference is now made to Fig. 1, which is a 
generalized block diagram illustration of a theoreti- 
cal hacking system constructed and operative in 
accordance with the prior art "McCormac Hack" 
method. 

An authorized decoder 10, which is normally 
operated by a valid smart card 12, is coupled 
instead to a McCormac's Hack Interface (MHI) unit 
14 via a standard smart card communication link 
15. Smart card 12 is also coupled to the MHI unit 
14 via a standard smart card communication link 
16. 

MHI unit 14 "sniffs" the communication data 
passed between the smart card 12 and the au- 
thorized decoder 10 and provides it to a small 
radio transmitter 18. Radio transmitter 18 transmits 
the data via a radio-frequency (RF) link 19 to a 
radio receiver 20 which is coupled to a virtual 
smart card unit 22. Virtual smart card unit 22 is 
coupled to an unauthorized decoder 24 via a stan- 
dard smart card communication link 25. In this way 
the unauthorized decoder 24 is operated by the 
same data stream that operates the authorized 
decoder 10. 

In an alternative embodiment, MHI unit 14 
"sniffs" the data which is communicated between 
units inside the authorized decoder 10. In this 
embodiment. MHI unit 14 is linked, via communica- 
tion link 27, to a communication BUS 26 extending 
between a micro-processor 28 and a descrambling 
device 29. Communication BUS 26 carries the 
"seed" value which is the secret number required 
for descrambling. In this way the seed value may 
be extracted and transmitted to the unauthorized 
decoder for descrambling of the data. 

Reference is now made to Fig. 2, which is a 
generalized block diagram illustration of part of a 
subscriber unit constructed and operative in accor- 
dance with a preferred embodiment of the present 
invention. 

In accordance with a preferred embodiment of 
the present invention, a data stream including a 
series of authorization packets PKT1 ,...,PKTn is 
transmitted from an information source via a sat- 
ellite link, to a packet receiver and descrambler 
unit 30 which forms part of a subscriber's CATV 
receiver and decoder (not shown). A series of off- 



set values DELTA1,...,DELTAn is also transmitted 
via the satellite link and received by the packet 
receiver and descrambler unit 30. Preferably, each 
packet is paired with an offset value. 

5 In the packet receiver and descrambler unit 30 

a Packet Receiver Unit (PRU) 32 receives the 
series of packets and the offset values. A random 
number generator 34 provides a number in the 
range 1,...,n to PRU 32 by employing a random 

70 number algorithm. According to the selected num- 
ber, for example 3, the corresponding packet, i.e. 
PKT3. is transmitted to a smart card 36 and a 
corresponding offset value, i.e. DELTA3, which 
serves as an internal key, is transmitted to a de- 

75 scrambler unit 38. 

Smart card 36 employs an algorithm which 
produces an appropriate seed for each packet. 
When smart card 36 receives PKT3 it produces a 
corresponding key, here termed SEED3, and pro- 

20 vides it to the descrambler unit 38. 

It is to be appreciated that PRU 32. random 
number generator 34 and the descrambler unit 38 
are all embodied In a secure chip such as a VLSI 
chip. Thus, the communication of the random num- 

25 ber and the offset value cannot be altered or 
"sniffed". 

In the descrambler unit 38 the keys DELTA3 
and SEED3 received from PRU 32 and smart card 
36 respectively are employed by a function f such 
30 that: 

(1 ) f = f (seed value, offset value), and 

(2) SEEDO = f(SEEDi.DELTAI) for any i = 1,...,n, 
where SEEDO is the secret number required for 
descrambling of the data and "i" is any integer 

35 value in the series 1 n. If the value i = 3 is 

selected then: 

(3) SEEDO = f(SEED3.DELTA3). 

In accordance with a preferred embodiment of 
the present invention, the descrambler 38 functions 

40 as a secret number generator in generating the 
SEEDO value and also functions as a key receiver, 
which receives an Internal key and a key from the 
smart card. The SEEDO value is employed by the 
descrambler 38 for descrambling of the data. Inas- 

45 much as the descrambler 38 is in a VLSI format it 
is considered difficult. If not practically impossible, 
to tap the SEEDO value. 

It is to be appreciated that the hacking preven- 
tion system of Fig. 2 may be also operable with 

50 systems which do not employ smart cards. In that 
case the seed values corresponding to the packets 
PKT1,...,PKTn may be calculated and produced in 
any suitable part of the packet receiver and de- 
scrambler 30, such as, for example, any one* of 

55 PRU 32, random number generator 34 and de- 
scrambler 38, by employing an algorithm which is 
similar to the one employed in the smart card. 
Upon receipt of the selected random number from 
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random number generator 34, the corresponding 
calculated seed value and the appropriate offset 
value are provided to descrambler unit 38. 

Reference is now made to Fig. 3 which is a 
flowchart description of the functionality of the ap- 
paratus of Fig. 2. 

A series of data packets PKT1.....PKTn and a 
series of offset values DELTA1,....DELTAn are re- 
ceived via a satellite link. A random number gen- 
eration algorithm is employed to calculate and se- 
lect one of the index numbers 1 ,....n. The output of 
the random number generation algorithm is, for 
example the index 3. The packet whose index 
number was calculated, i.e. PKT3, is transmitted to 
the smart card. In the smart card an algorithm 
which calculates seeds is employed to calculate 
the corresponding SEED3 number. SEED3 is then 
transmitted to descrambler unit 38. 

The offset value which corresponds to the cal- 
culated index number, i.e. DELTA3, is transmitted 
to the descrambling unit 38 where it is combined or 
otherwise utilized, by use of a secret number gen- 
erator, with SEED3. to calculate a SEEDO value 
which is the secret number employed to descram- 
bie the satellite transmissions. 

Reference is now made to Fig. 4 which is a 
flowchart description of the functionality of the ap- 
paratus of Fig. 2 according to an alternative em- 
bodiment of the invention. The flowchart of Fig. 4 is 
similar to the one described in Fig. 3 except that 
the calculation of the seeds Is not performed in a 
smart card but rather in PRU 32 of Fig. 2. It is to 
be appreciated that the calculation of the seeds is 
not limited to PRU 32 but may rather be performed 
in any part of the secure VLSI chip which forms the 
packet receiver and descrambler unit 30 shown in 
Fig. 2. 

Reference is now made to Fig. 5 which is a 
generalized block diagram illustration of part of a 
subscriber unit in accordance with a preferred em- 
bodiment of the invention in which receivers of 
information supplied by different suppliers or re- 
ceivers which are otherwise distinguished from 
each other, as by demographics, geographic loca- 
tion or any other parameter, are enabled with the 
same secret number. 

The system of Fig. 5 is similar to the system of 
Fig. 2 except that additional data is received from 
an information source via the satellite link and 
processed in a packet receiver and descrambler 
unit 130. 

PRU 132 receives, via a satellite link, the fol- 
lowing data: a series of packets PKTl,....PKTn; a 
series of first offset values DELTA1,...,DELTAn to 
be employed in part of the abovementioned anti- 
hacking method: and a series of second offset 
values GAMMA1...., GAMMAk. 



The series of second offset values GAM- 
MAI ,...,GAMMAk is employed to distinguish be- 
tween separate groups of subscribers/receivers 
which may t>e distinguished from each other on the 

5 basis of one or more criteria, such as their program 
suppliers, their geographic location or their de- 
mographics. Thus, each group of receivers is char- 
acterized by one of the second offset values. 

Characterization of the group of receivers can 

10 be achieved either by an internal code or an inter- 
nal algorithm which is entered during manufacture 
of each decoder, preferably in packet receiver and 
descrambler 130, or by an algorithm in the smart 
card which upon its first communication with the 

75 decoder causes the decoder to be valid for a 
selected parameter or group of parameters, as 
exemplified above. Thus, upon such characteriza- 
tion, each decoder is enabled to select only one of 
the second offset values GAMMA1,...,GAMMAk. 

20 Alternatively or additionally the characterization 

of the decoder may be achieved using only the 
first offset values. In such a case, different decod- 
ers may be set to receive only certain ones of the 
offset values and not others. In this way, the use of 

25 the second offset values may be obviated. 

If, for example, the decoder is characterized to 
select GAMMA2, which defines a unique program 
supplier, PRU 132 will transmit GAMMA2 to de- 
scrambler unit 138. Upon selection of a random 

30 number, for example 3, by random number gener- 
ator 134, PRU 132 transmits the respective data 
packet PKT3 to smart card 136. PRU 132 also 
transmits an offset value from the series of offset 
values DELTA1 DELTAn according to the select- 

35 ed random number, i.e. DELTA3. to descrambler 
unit 138. 

When issued, the set of smart cards for the 
subscribers for each group are different from the 
set of smart cards issued for the subscribers of 

40 another group. Differentiation is achieved by em- 
ploying different algorithms in each set of smart 
cards. Therefore, for example, even if in two de- 
coders, which are operated by two different in- 
formation suppliers, the same random number is 

45 selected, i.e. 3, and the same data packet is trans- 
mitted to both smart cards, i.e. PKT3, each smart 
card calculates a different seed value, i.e. SEED3 
and SEED3*. 

Since each of the abovementioned two decod- 

50 ers is operated by a separate program supplier, 
different second offset values area transmitted to 
descrambler unit 138, for example GAMMA2 and 
GAMMA3 respectively. 

In the descrambler units 138 of the two decod- 

55 ers the same secret number generator is operated 
such that: 

(4) f = f(seed value, first offset value, second 
offset value); 
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(5) SEEDO = f(SEED3. DELTA3. GAMMA2); 
and also 

(6) SEEDO = f(SEED3*, DELTA3, GAMMA3). 

It is to be appreciated that in accordance with 
the abovementioned method the same SEEDO may 
be employed for descrambling of information origi- 
nated from one source and targeted to separate 
groups of subscribers while preventing subscribers 
of one group from receiving intelligible information 
destined for another group. 

Reference Is now made to Fig. 6 which is a 
flowchart description of the functionality of the ap- 
paratus of Fig. 5. 

A series of data packets PKT1 ,....PKTn, a se- 
ries of first offset values DELTA1,...,DELTAn and a 
series of second offset values GAM- 
MAI .....GAMMAk are received via a satellite link. A 
random number generation algorithm is employed 
to calculate and select one of the index numbers 
1,....n. The output of the random number genera- 
tion algorithm Is, for example the Index 3. The 
packet whose Index number was calculated, i.e. 
PKT3, is transmitted to the smart card. 

In the smart card an algorithm which calculates 
seeds is employed to calculate the corresponding 
SEED3* number. SEED3* is then transmitted to 
descrambler unit 138. 

The first offset value which corresponds to the 
calculated index number, i.e. DELTA3, is transmit- 
ted to the descrambling unit 138. A second offset 
value which identifies a supplier or jurisdiction, for 
example GAMMA2, is also transmitted to descram- 
bler unit 138. 

In the descrambler unit 138 SEED3*, DELTA3 
and GAMMA2 are combined, by use of a secret 
number generation algorithm, to calculate a SEEDO 
value which is the secret number employed to 
descrambte the satellite transmissions. 

It will be appreciated by persons skilled in the 
art that the present invention is not limited by what 
has been particularly shown and described 
hereinabove. Rather the scope of the present in- 
vention is defined only by the claims which follow: 
Where technical features mentioned in any claim 
are followed by reference signs, those reference 
signs have been included for the sole purpose of 
increasing the intelligibility of the claims and ac- 
cordingly, such reference signs do not have any 
limiting effect on the scope of each element iden- 
tified by way of example by such reference signs. 

Claims 

1. A hacking prevention system for use with a 
network including a transmitter and a multiplic- 
ity of receivers, each receiver being indepen- 
dently enabled by a secret number and when 
enabled being responsive to data received 



from the transmitter for decrypting encrypted 
information, each of the multiplicity of receiv- 
ers comprising: 

a first key generator, employing at least 
5 part of the data and a function which differs for 

at least a plurality of ones of the multiplicity of 
receivers, for generating a first key which is 
different for each receiver having a different 
function: 

70 a second key generator employing at least 

part of the data and the function to produce a 
second key; and 

a secret number generator utilizing the first 
key with the second key to produce the secret 

75 number which Is the same for all of said mul- 

tiplicity of receivers. 

whereby first and second keys intercepted 
at a first receiver cannot be effective to enable 
a second receiver having a different function. 

20 

2. A hacking prevention system according to 
claim 1 wherein said function which differs for 
at least a plurality of ones of said multiplicity of 
receivers, is a random generator. 

25 

3. A hacking prevention system according to 
claim 1 and wherein the second key generator 
is embodied In a single VLSI chip. 

30 4. A hacking prevention system according to 
claim 1 wherein the first key generator, the 
function and the secret number generator are 
embodied in a single VLSI chip. 

35 5. A hacking prevention system according to 
claim 1 wherein the first key generator, the 
function, the secret number generator and the 
second key generator are embodied In a single 
VLSI chip. 

40 

6. A hacking prevention system according to 
claim 6 wherein each of said multiplicity of 
receivers comprises at least one of said VLSI 
chips. 

45 

7. A hacking prevention system according to 
claim 1 and wherein said network is a CATV 
network and said multiplicity of receivers are 
CATV receivers and decoders. 

50 

8. A hacking prevention method for use with a 
network including a transmitter and a multiplic- 
ity of receivers, each receiver being indepen- 
dently enabled by a secret number and when 

65 enabled being responsive to data received 

from the transmitter for decrypting encrypted 
information, the method comprising the steps 
of: 
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generating a first key. by employing at 
least part of the data and a function which 
differs for at least a plurality of ones of said 
multiplicity of receivers, said first key being 
different for each receiver having a different 5 
function; 

generating a second key by employing at 
least part of the data and said function; and 

generating a secret number by utilizing the 
first key with the second key to produce said io 
secret number which is the same for all of said 
multiplicity of receivers. 

whereby first and second keys intercepted 
at a first receiver cannot be effective to enable 
a second receiver having a different function. is 

9. A system for selective transmission of informa- 
tion to a multiplicity of subscribers which sub- 
scribers may be individually characterized by 
at least one of the following parameters: in- 20 
formation suppliers, geographic locations, and 
demographics, wherein information is transmit- 
ted from an information source to a multiplicity 
of subscribers which fall into different groups 
according to at least one of said parameters, 25 
each group being entitled to receive at least a 
portion of the information, the system being 
employed in a network including a transmitter 
and a multiplicity of receivers, each receiver 
associated with a subscriber and being in- 30 
dependently enabled by a secret number and 
when enabled being responsive to data re- 
ceived from the transmitter for decrypting en- 
crypted information, each of the multiplicity of 
receivers comprising: 35 

a first key generator, employing at least 
part of the data and a function which differs for 
at least a plurality of ones of said multiplicity of 
receivers, for generating a first key which is 
different for each receiver having a different 40 
function; 

a second key generator employing at least 
part of the data and said function to produce a 
second key; 

a third key generator employing at least 45 
part of the data to provide a key which is 
characterized by at least one of said param- 
eters; and 

a secret number generator utilizing the first 
key, the second key and the third key to 50 
produce said secret number which Is the same 
for all of said multiplicity of receivers, 

whereby first and second keys intercepted 
at a first receiver cannot be effective to enable 
a second receiver having a different function, 55 
and 

whereby a third key intercepted at a re- 
ceiver which forms part of a first group of 



receivers cannot be effective to enable a re- 
ceiver which forms part of a second of said 
group of receivers. 

10. A method for selective transmission of informa- 
tion to a multiplicity of subscribers which sub- 
scribers may be individually characterized by 
at least one of the following parameters: in- 
formation suppliers, geographic locations, and 
demographics, wherein Information Is transmit- 
ted from an information source to a multiplicity 
of subscribers which fall into different groups 
according to at least one of said parameters, 
each group being entitled to receive at least a 
portion of the information, the method being 
employed in a network including a transmitter 
and a multiplicity of receivers, each receiver 
associated with a subscriber and being in- 
dependently enabled by a secret number and 
when enabled being responsive to data re- 
ceived from the transmitter for decrypting en- 
crypted information, the method comprising 
the steps of: 

generating a first key by employing at 
least part of the data and a function which 
differs for at least a plurality of ones of said 
multiplicity of receivers, for generating a first 
key which is different for each receiver having 
a different function; 

generating a second key by employing at 
least part of the data and said function to 
produce a second key; 

generating a third key by employing at 
least part of the data to provide a key which is 
characterized by at least one of said param- 
eters; and 

generating a secret number utilizing the 
first key, the second key and the third key to 
produce said secret number which is the same 
for all of said multiplicity of receivers, 

whereby first and second keys intercepted 
at a first receiver cannot be effective to enable 
a second receiver having a different function, 
and 

whereby a third key intercepted at a re- 
ceiver which forms part of a first group of 
receivers cannot be effective to enable a re- 
ceiver which forms part of a second of said 
group of receivers. 
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